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(57) Abstract: A method and system for coordinating transmission between a sender and a recipient. In one embodiment, a third 
part)' coordinates the distribution of session keys (e.g., symmetric keys) for sender and recipient. A sender computer may generate a 
session key, encrypt it using a public key of the recipient, and send the encrypted session key to the third party. The third party then 
forwards the session key to the recipient computer. Upon receiving the session key, the recipient computer decrypts the session key 
so that the sender and recipient can communicate using a message encrypted with the session key. 
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METHOD AND SYSTEM FOR COORDINATING SECURE 
TRANSMISSION OF INFORMATION 

TECHNICAL FIELD 

The described technology generally relates to sending 
5 information in a secure manner from one computer system to another. 

BACKGROUND 

The secure transmission of data is typically accomplished by 
using a secure channel or by using encryption techniques over a non-secure 
channel. A secure channel may be established by using a transmission 

10 medium that resides totally within a physically secure environment. For 
example, a government research center may locate a transmission medium 
(e.g., cabling) between buildings that are fenced off from outside access. An 
outsider cannot access the information transmitted using that transmission 
medium, and thus the channel is considered secure. Such secure channels 

15 are often restricted to cabling between communication devices that are 
physically proximate. Encryption techniques allow for the secure 
transmission of information using a transmission medium that is itself not 
secure. That is, the encryption techniques secure the information, so the 
transmission medium does not need to be secure. 

20 Conventional encryption techniques can be categorized as 

symmetric or asymmetric. Symmetric encryption techniques, such as the 
Data Encryption Standard ("DES") and the Information Data Encryption 
Algorithm ("IDEA"), use the same key or password to encrypt and decrypt a 
message. Before a message can be successfully read by the recipient, the 

25 symmetric key needs to be sent from the sender to the recipient. The 
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symmetric key is typically sent to the recipient separately from the encrypted 
message. To send the message, the sender encrypts the message using the 
symmetric key and then transmits the encrypted message to the recipient. 
The recipient then uses the symmetric key to decrypt the message. A 
5 difficulty with symmetric encryption techniques is that symmetric keys are 
susceptible to being intercepted while enroute to the recipient. Moreover, 
depending on the technique used to send the symmetric key to the recipient, 
the sender and recipient may be unaware that the symmetric key has been 
intercepted. 

10 Asymmetric techniques assign two separate keys, a public key 

and a private key, to each participant in the secure communications. A 
message encrypted with a public key can be decrypted with the 
corresponding private key, and vice versa. A recipient who wants to receive 
secure messages first generates a public and private key pair. The recipient 

15 then publishes its public key for senders to use when sending secure 
messages to the recipient. To send a message to the recipient, the sender first 
encrypts the message using the recipient's public key and then sends the 
encrypted message to the recipient. Upon receipt of the encrypted message, 
the recipient decrypts the message using its confidential private key. This 

20 technique of sending messages is, however, susceptible to identity spoofing. 
If, however, the sender generates its own public and private key pair and 
publishes its public key, then the sender could digitally sign the message 
using its private key. The recipient would decrypt the signature using the 
public key of the sender. If the decryption is not successful, then the 

25 recipient would know that the message was sent by an impostor. A difficulty 
with asymmetric techniques is that the encrypting and decrypting of 
messages is computationally expensive. In contrast, symmetric techniques 
are relatively computationally inexpensive. 

To overcome the trade-off between computational expense and 

30 security, some systems, such as Pretty Good Privacy ("PGP 55 ), combine 
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asymmetric and symmetric encryption techniques. Each user of such a 
system generates a public and private key pair and publishes their public key. 
When a message is to be sent, such systems generate a symmetric key and 
encrypt the message using the symmetric key. Such systems then encrypt the 
5 symmetric key using the public key of the recipient. When the recipient 
receives the encrypted message and the encrypted symmetric key, the 
recipient decrypts the symmetric key using its private key. The recipient 
then uses the symmetric key to decrypt the message. Because symmetric 
keys are typically shorter than messages, the overhead of encrypting the 
10 symmetric key using the public key is low. Such systems typically reduce 
the possibility of a "plain-text attack" against the asymmetric encryption of 
the symmetric key because the symmetric key has no text associated with it. 
Such systems, however, are susceptible to cryptoanalytical attack techniques 
associated with symmetric encryption. 

It would be desirable to have an encryption technique that 
would help minimize the difficulties encountered by current encryption 
techniques. 

BRIEF DESCRIPTION OF THE DRAWINGS 

Figure 1 illustrates the communications between a client 
computer and a message server computer. 

Figure 2 illustrates the communications between a sender 
computer, a recipient computer, and a message server computer when a 
message is to be sent from the sender computer to the recipient computer. 

Figure 3 is a block diagram illustrating the components of the 
encryption system in one embodiment. 

Figure 4 is a flow diagram illustrating the processing of the 
receive request for temporary server public key in one embodiment. 
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Figure 5 is a flow diagram illustrating the processing of the 
receive temporary client public key component in one embodiment. 

Figure 6 is a flow diagram illustrating the processing of the 
receive permanent client public key component in one embodiment. 
5 Figure 7 is a flow diagram illustrating the processing of the 

receive registration request component in one embodiment 

Figure 8 is a flow diagram illustrating the processing of the 
receive request to send component in one embodiment. 

Figure 9 is a flow diagram illustrating the processing of the 
10 receive notification response component in one embodiment. 

Figure 10 is a flow diagram illustrating the processing of the 
receive session key response component in one embodiment. 

Figure 1 1 is a flow diagram illustrating the processing of the 
receive temporary server public key component in one embodiment. 
15 Figure 12 is a flow diagram illustrating the processing of the 

receive permanent server public key component in one embodiment. 

Figure 13 is a flow diagram illustrating the processing of the 
request to send component in one embodiment. 

Figure 14 is a flow diagram illustrating the processing of the 
20 receive notification component in one embodiment. 

Figure 15 is a flow diagram illustrating the processing of the 
receives session key component in a embodiment. 

Figure 16 is a flow diagram illustrating the processing of the 
receive message component in one embodiment. 

DETAILED DESCRIPTION 

A method and system for coordinating the transmission of 
information between a sender and a recipient is provided. In one 
embodiment, the encryption system provides an asymmetric encryption 
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mechanism (e.g., a public and private key pair for both the sender and the 
third party) for communicating between the sender and a third party and an 
asymmetric encryption mechanism for communicating between the recipient 
and the third party. When the sender wants to send a message to the 

5 recipient, the sender notifies the third party. The third party generates a 
symmetric key and encrypts the symmetric key using the asymmetric 
encryption mechanism associated with the sender. The third party then sends 
that encrypted symmetric key to the sender. (Alternatively, the sender may 
generate the symmetric key and sent it in encrypted form to the third party so 

10 that the recipient, but not the third party, can decrypt the symmetric key.) 
Upon receiving the encrypted symmetric key, the sender decrypts the 
symmetric key, encrypts the message with the symmetric key, and sends the 
encrypted message to the recipient. The third party also encrypts the 
symmetric key using the asymmetric encryption mechanism associated with 

15 the recipient. The third party then sends that encrypted symmetric key to the 
recipient. Upon receiving the encrypted symmetric key, the recipient 
decrypts it. When the recipient receives the message from the sender that has 
been encrypted with the symmetric key, the recipient decrypts the message 
using the symmetric key. As explained below in more detail, the encryption 

20 system takes advantage of the computational efficiency of the symmetric 
techniques and avoids the problem of having the symmetric key sent with the 
message (even if encrypted). 

In one embodiment, the asymmetric encryption mechanism for 
communicating between a third party and various clients (e.g., senders and 

25 recipients) uses a two-layer asymmetric encryption mechanism. A client 
who wants to send or receive messages first registers with the third party. 
During the registration process, both the third party and the client first 
generate a temporary public and private key pair and exchange their 
temporary public keys. The third party and the client then generate their own 

30 permanent public and private key pair and exchange their permanent public 
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keys. The third party sends its permanent public key to the client in a form 
that is encrypted with the temporary public key of the client. When the 
client receives the permanent public key from the third party, it decrypts the 
key with its temporary private key. Similarly, the client sends its permanent 
5 public key to the third party in a form that is encrypted with the temporary 
public key of the third party. When the third party receives the permanent 
public key from the client, it decrypts the key with its temporary private key. 
The third party can then destroy its permanent public key that it generated for 
the client, and the client can destroy its permanent public key that it 

10 generated for the third party. Eventually, the third party sends symmetric 
keys to the client, for sending or receiving, by encrypting the symmetric keys 
with the permanent public key of the client. 

Figure 1 illustrates the communications between a client 
computer and a message server computer during registration. The message 

15 server computer functions as the third party to coordinate secure 
communications between client computers. Initially, the client computer 101 
sends a request for a temporary server public key. When the server computer 
102 receives the request, it generates a temporary server key pair. The server 
computer may generate a public and private key pair when it receives the 

20 request or may have pre-generated a set of public and private key pairs. The 
public and private key pairs may be generated by various asymmetric 
encryption techniques, such as the Rivest, Shamir, and Adelman ("RSA") 
algorithm. The server computer then sends a temporary server public key to 
the client computer. When the client computer 103 receives the temporary 

25 server public key, it generates a temporary client key pair and sends the 
temporary client public key to the server computer. The client computer also 
sends a registration request to the server computer. When the server 
computer 104 receives the temporary client public key, it stores that key. 
When the server computer 105 receives the registration request, it generates a 

30 permanent server key pair for use in communicating with that client 
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computer. The server then encrypts the permanent server public key with the 
temporary client public key for that client computer. The server then sends 
the encrypted permanent server public key to the client computer. When the 
client computer 106 receives the encrypted permanent server public key, it 

5 decrypts the permanent server public key using its temporary client private 
key. The client computer then generates a permanent client key pair. The 
client computer encrypts the permanent client public key with the permanent 
server public key and sends the encrypted permanent client public key to the 
server computer. When the server computer 107 receives the permanent 

10 client public key, it decrypts the permanent client public key using its 
permanent server private key. The server computer then stores the 
permanent client public key in association with the client computer for use in 
future communications with the client computer. Similarly, the client 
computer stores the permanent server public key for use in future 

15 communications with the server computer. The server computer may 
generate different sets of temporary and permanent key pairs for each client 
computer that registers. One skilled in the art will appreciate that the 
encryption system could register various application programs executing at a 
client computer. In which case, the registration would be associated with the 

20 combination of client computer and application. In addition, the encryption 
system could associate registrations with users, rather than client computers. 

Figure 2 illustrates the communications between a sender 
computer, a recipient computer, and a message server computer when a 
message is to be sent from the sender computer to the recipient computer. 

25 Assuming that the sender computer and recipient computer are already 
registered, the sender computer 201 initiates the sending of the message by 
encrypting using its permanent server public key, a request to send a message 
to the recipient. The sender computer then sends the encrypted request to the 
server computer. When the server computer 202 receives the request, it 

30 decrypts the request using its permanent server private key for the sender 
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computer. The request may include the identification of the sender computer 
in an unencrypted format Alternatively, the identification may be encrypted 
with a public key of the server that is known to all sender and recipient 
computers. The server computer then identifies the recipient from the 

5 request and encrypts a notification for the recipient computer using the 
permanent client public key for the recipient computer, which was received 
during the registration process for that recipient computer. The server 
computer then sends the encrypted notification to the recipient computer. 
When the recipient computer 203 receives the notification, it decrypts the 

10 notification using its permanent client private key. The recipient computer 
then encrypts a response using its permanent server public key and sends the 
response to the server computer. When the server computer 204 receives 
response from the recipient computer, it decrypts the response using its 
permanent server private key for that recipient computer. The server 

15 computer then generates a session key (e.g., a symmetric key) for use in 
encrypting the message that is to be sent from the sender computer and to the 
recipient computer. The server computer encrypts the session key using the 
permanent client public key of the recipient computer. The server computer 
sends the encrypted session key to the recipient computer. When the 

20 recipient computer 205 receives the encrypted session key, it decrypts the 
session key using its permanent client private key. The recipient computer 
then encrypts a response using its permanent server public key and sends that 
response to the server computer. When the server computer 206 receives the 
response from the recipient computer, it encrypts the session key using the 

25 permanent client public key of the sender computer. The server computer 
then sends the encrypted session key to the sender computer. Once the 
sender computer 207 receives the encrypted session key, it decrypts the 
session key using its permanent client private key. The sender computer then 
encrypts a response using its permanent server public key and sends the 

30 response to the server computer. When the server computer 208 receives that 
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response, it decrypts the response using its permanent server private key for 
the sender computer. To actually send the message, the sender computer 209 
encrypts the message with the session key and sends the encrypted message 
to the recipient computer. When the recipient computer 210 receives the 
5 message, it decrypts the message with the session key. The recipient 
computer then encrypts a response with the session key and sends a response 
to the sender computer. When the sender computer 211 receives the 
response from the recipient computer, it decrypts the response using the 
session key to verify that the recipient computer successfully received the 

10 message. One skilled in the art will appreciate that the ordering of the 
sending of these communications can vary. For example, the symmetric key 
could be sent to the sender computer before being sent to the recipient 
computer. Also, the request to send a message could be initiated from a 
computer other than the sender computer. 

15 In an alternate embodiment, the sender computer, rather than 

the server computer, generates the session key. In such an embodiment, the 
server computer sends the permanent client public key of the recipient 
computer to the sender computer after receiving from the sender computer a 
request to send a message to the recipient computer. The sender computer 

20 creates a session key, encrypts it with the permanent client public key of the 
recipient computer, and sends the encrypted session key to the server 
computer. (The sender computer may also encrypt the encrypted session key 
using the permanent server public key.) Upon receipt of the encrypted 
session key, the server computer sends the encrypted session key to the 

25 recipient computer. Upon receipt of the encrypted session key, the recipient 
computer decrypts the session key and notifies the server computer, which in 
lurn notifies the sender computer. The sender computer then sends the 
message to the recipient computer as outlined in 209-211 above. An 
advantage of this alternate embodiment is that the server computer does not 

30 have access to the session key in an unencrypted form. Thus, if the server 
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computer somehow received the encrypted message, it could not decrypt the 
message. 

Figure 3 is a block diagram illustrating the components of the 
encryption system in one embodiment. The client computers 310 and the 
5 message server computer 320 are interconnected via the Internet 330. The 
computers may include a central processing unit, memory, input devices 
(e.g., keyboard and pointing devices), output devices (e.g., display devices), 
and storage devices (e.g., disk drives). The memory and storage devices are 
computer-readable media that may contain instructions that implement the 
10 encryption system. In addition, the data structures and message structures, 
including requests and responses, may be stored or transmitted via a data 
transmission medium such as a signal on a communications link. Various 
communication channels other than the Internet may be used, such as local 
area networks, wide , area networks, or point-to-point dial-up connections. 
The client computers include a client engine 31 1, a receive temporary server 
public key component 3 12, a receive permanent server public key component 
313, and a send request to send component 314, a receive notification 
component 315, a receive session key component 316, a receive message 
component 317, a user interface component 318, and a key database 319. 
The client engine exchanges communications via the Internet with the 
message server computer and other client computers. When a 
communication is received, the client engine invokes the appropriate 
component for processing the communications. The user interface 
component provides a mechanism for receiving messages from a sender 
computer and displaying messages to a user. The mechanism may be similar 
to a conventional electronic mail application that is adapted to invoke the 
various components necessary to ensure a secure transmission. The key 
database contains the permanent client private key of the client computer and 
the permanent server public key of the message server computer for this 
client computer. The other components are described in detail below with 
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reference to the flow diagrams that describe their processing. The server 
computer includes a server engine 321, a receive request for temporary server 
key component 322, a receive temporary client public key component 323, a 
receive registration request component 324, a receive permanent client public 
5 key component 325, a receive request to send component 326, a receive 
notification response component 327, a receive session key response 
component 328 and a key database 329. The server engine exchanges 
communications with the client computers and, when a communication is 
received, invokes the appropriate component for processing. The key 
io database contains a permanent server private key and a permanent client 
public key for each client computer that has registered with the message 
server computer. The components of the message server computer are 
described below in detail with reference to flow diagrams describing their 
processing. 

Figures 4-10 are flow diagrams illustrating processing of the 
components of the message server computer in one embodiment. Figures 4-7 
are flow diagrams illustrating the components of the message server 
computer used to register a client computer. Figure 4 is a flow diagram 
illustrating the processing of the receive request for temporary server public 
key in one embodiment. This component receives a request for a temporary 
server public key from a client computer. The receipt of the request may be 
considered to start the registration process. In block 401, the component 
receives a request along with the identifier of the client computer. The 
identifier may either be unencrypted or encrypted, for example, with the non- 
client, computer specific, public key of the server computer. In block 402, 
the component generates a temporary server key pair for that client computer. 
In block 403, the component sends the temporary server public key to the 
client computer. In block 404, the component stores the temporary server 
private key in association with the identifier of that client computer. The 
component then completes. 
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Figure 5 is a flow diagram illustrating the processing of the 
receive temporary client public key component in one embodiment. This 
component is invoked when the message server computer receives a client 
temporary public key. In block 501, the component receives the temporary 

5 client public key from the request along with the identifier of the client 
computer. In block 502, the component stores the temporary client public 
key in association with the identifier of that client computer. 

Figure 6 is a flow diagram illustrating the processing of the 
receive permanent client public key component in one embodiment. This 

io component is invoked when the message server computer receives a 
permanent client public key. In block 601, the component receives the 
permanent client public key and identifier of the client computer. In block 
602, the component decrypts the permanent client public key using the 
permanent server private key for the identified client computer. 

15 Alternatively, the permanent client public key may be encrypted with the 
temporary server public key for that client computer. In this case, the 
component decrypts the permanent client public key using the temporary 
server private key for that client computer. In block 603, the component 
persistently stores the permanent client public key in association with the 

20 identified client computer in the key database and then completes. 

Figure 7 is a flow diagram illustrating the processing of the 
receive registration request component in one embodiment. This component 
is invoked when the message server computer receives a request from a client 
computer to register after temporary public keys have been exchanged 

25 between the client computer and the server computer. In block 701, the 
component generates a permanent server key pair for the requesting client 
computer, which is identified in the request. In block 702, the component 
encrypts the permanent server public key with the temporary client public 
key for that client computer. In block 703, the component persistently stores 

30 the permanent server private key in the key database, associating it with the 
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identifier of that client computer. In block 704, the component sends the 
permanent server public key to the client computer and then completes. 

Figures 8-11 are flow diagrams illustrating the processing of 
the server components used when a message is sent from a sender computer 

5 to a recipient computer. Figure 8 is a flow diagram illustrating the 
processing of the receive request to send component in one embodiment 
This component is invoked by the message server computer when it receives 
a request to send a message from a sender computer to a recipient computer. 
In block 801, the component receives the request along with the identifier of 

10 the sender computer. In block 802, the component decrypts the request with 
the permanent server private key associated with that sender computer that is 
stored in the key database. In block 803, the component encrypts a 
notification with the permanent client public key of the recipient computer. 
In block 804, the component sends the notification to the recipient computer 

15 and then completes. 

Figure 9 is a flow diagram illustrating the processing of the 
receive notification response component in one embodiment. This 
component is invoked by the message server computer when a response to a 
notification is received from a recipient computer. In block 901, the 

20 component receives a response from a recipient computer which includes the 
identifier of that recipient computer. In block 902, the component decrypts 
the response using the permanent server private key for that recipient 
computer that is stored in the key database. In block 903, the component 
generates a session key. In block 904, the component encrypts the session 

25 key with the permanent client public key of the recipient computer. In block 
905, the component sends the encrypted session key to the recipient 
computer and then completes. 

Figure 10 is a flow diagram illustrating the processing of the 
receive session key response component in one embodiment. This 

30 component is invoked by the message server computer when a response to 
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the sending of a session key is received from a sender computer or a recipient 
computer. In block 1001, the component receives the session key response 
along with the identifier of the client computer. In block 1002, the 
component decrypts the response using the permanent server private key of 
5 the client computer. In decision block 1003, if the client computer is the 
recipient computer, then the component continues at block 1004, else the 
component completes. In block 1004, the component encrypts the session 
key with the permanent client public key of the sender computer. In block 
1005, the component sends the encrypted session key to the sender computer 
10 and then completes. 

Figures 11-16 are flow diagrams illustrating the processing of a 
client computer in one embodiment. Figures 11-12 are flow diagrams 
illustrating the registration process of a client computer. Figure 1 1 is a flow 
diagram illustrating the processing of the receive temporary server public key 
15 component in one embodiment. The client computer invokes this component 
when it receives a temporary server public key from the message server 
computer. In block- 1101, the component receives the temporary server 
public key from the message server computer. In block 1102, the component 
generates a temporary client key pair. In block 1103, the component sends 
the temporary client public key to the message server computer. In one 
embodiment, the component may encrypt the temporary client public key 
with the temporary server public key. In block 1 104, the component sends a 
registration request to the server and then completes. The sending of the 
registration request may be temporarily separated from the sending of the 
temporary client public key. 

Figure 12 is a flow diagram illustrating the processing of the 
receive permanent server public key component in one embodiment. This 
component is invoked when the client computer receives a permanent server 
public key from the message server computer. In block 1201, the component 
receives the permanent server public key from the message server. In block 
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1202, the component decrypts the permanent server public key using its 
temporary client private key. In block 1203, the component persistently 
stores the permanent server public key in the key database. In block 1204, 
the component generates a permanent client key pair. The component stores 
5 the permanent client private key in the key database. In block 1205, the 
component encrypts the permanent client public key using the permanent 
server public key. In block 1206, the component sends the permanent client 
public key to the message server computer and then completes. 

Figures 13-16 are flow diagrams illustrating the processing for 
sending a message from a client computer in one embodiment. Figure 13 is a 
flow diagram illustrating the processing of the request to send component in 
one embodiment. This component is invoked when a client computer wants 
to send a message to a recipient computer. In block 1301, the component 
encrypts a request using the permanent server public key of the message 
server computer stored in the key database. In block 1302, the component 
sends the request to the message server computer and then completes. 

Figure 14 is a flow diagram illustrating the processing of the 
receive notification component in one embodiment. This component is 
invoked when the client computer receives a notification that it will receive a 
message from a sender computer. In block 1401, the component receives the 
notification. In block 1402, the component decrypts the notification using its 
permanent client private key stored in the key database. In block 1403, the 
component encrypts a response using the permanent server public key stored 
in the key database. In block 1405, the component sends the response to the 
message server computer and then completes. 

Figure 15 is a flow diagram illustrating the processing of the 
receive session key component in one embodiment. This component is 
invoked when a client computer, sender computer or recipient computer, 
receives a session key. In block 1501, the component receives a session key 
from the message server component. In block 1502, the component decrypts 
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the session key using the permanent client private key stored in the key 
database. In block 1503, the component encrypts a response with the 
permanent server public key stored in the key database. In block 1405, the 
component sends the response to the message server computer. In decision 
5 block 1405, if the client computer is the sender computer, then the 
component continues at block 1506, else the component completes. In block 

1506, the component encrypts the message with the session key. In block 

1507, the component sends the message to the recipient computer and then 
completes. 

io Figure 16 is a flow diagram illustrating the processing of the 

receive message component in one embodiment. The receive message 
component is invoked when a client computer receives a message from a 
sender computer. In block 1601, the component receives the message along 
with the identifier of the sender computer. In block 1602, the component 

15 decrypts the message with the session key for that sender computer. In block 
1603, the component encrypts a response using the session key of that sender 
computer. Alternatively, the response may be encrypted using a permanent 
client public key of the sender computer, rather than with the session key. In 
block 1604, the component sends the response to the sender computer and 

20 then completes. 

From the foregoing, it will be appreciated that although 
specific embodiments of the encryption system have been described herein 
for purposes of illustration, various modifications may be made without 
deviating from the spirit and scope of the invention. Although the encryption 

25 system is described in reference to computers, any type of device that is 
capable of performing the described processing can be used. For example, 
the client devices may be personal digital assistants, cell phones, web 
appliances, and so on. Also, the techniques of the encryption system may be 
used in conjunction with the Present Detection System to ensure that the 

30 recipient computer and optionally, the recipient, is available to receive the 
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claims. 
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CLAIMS 



1 LA computer-based method for coordinating transmitting 

2 information between a sender computer and a recipient computer, the method 

3 comprising: 

4 providing a sender public key and a recipient public key; 

5 receiving a request to transmit information between the sender 

6 computer and the recipient computer; 

7 encrypting a symmetric key using the sender public key and 

8 sending the encrypted symmetric key to the sender computer; and 

9 encrypting the symmetric key using the recipient public key 

10 and sending the encrypted symmetric key to the recipient computer 

11 whereby the sender computer can receive and decrypt the 



12 symmetric key using a sender private key, the recipient computer can receive 

13 and decrypt the symmetric key using a recipient private key, and the sender 

14 and recipient computers can transmit information that is encrypted using the 

15 symmetric key. 



1 2. The method of claim 1 wherein the request to transmit 

2 information between the sender computer and the recipient computer is 

3 received from the sender computer. 

1 3. The method of claim 1 wherein the request to transmit 

2 information between the sender computer and the recipient computer is 

3 encrypted using a public key of a message server computer. 



-18- 



WO 01/69843 



PCT/US01/07767 



1 4. The method of claim 1 including before sending the 

2 encrypted symmetric key to the recipient computer, verifying that the 

3 recipient computer is available to receive the encrypted symmetric key. 

1 5. The method of claim 1 including before sending the 

2 encrypted symmetric key to the sender computer, verifying that the recipient 

3 computer received the encrypted symmetric key. 

1 6. The method of claim 1 wherein the provided sender 

2 public key and the recipient public key are used to encrypt multiple 

3 symmetric keys for transmitting information between the sender computer 

4 and the recipient computer. 

1 7. The method of claim 1 wherein a new symmetric key is 

2 used each time a request is received to transmit information between the 

3 sender computer and the recipient computer. 



1 8, The method of claim 1 wherein the providing of the 

2 sender public key includes sending a temporary server public key to the 

3 sender computer and receiving from the sender computer the sender public 

4 key encrypted using the temporary server public key, and decrypting the 

5 sender public key using a temporary server private key. 



1 9. The method of claim 1 wherein the providing of the 

2 recipient public key includes sending a temporary server public key to the 

3 recipient computer, receiving from the recipient computer the recipient 

4 public key encrypted using the temporary server public key, and decrypting 

5 the recipient public key using a temporary server private key. 
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1 10. The method of claim 1 wherein the providing of the 

2 sender public key includes sending a temporary server public key to the 

3 sender computer and receiving from the sender computer the sender public 

4 key encrypted using the temporary server public key, and decrypting the 

5 sender public key using a temporary server private key; and wherein the 

6 providing of the recipient public key includes sending a temporary server 

7 public key to the recipient computer and receiving from the recipient 

8 computer the recipient public key encrypted using the temporary server 

9 public key, and decrypting the recipient public key using a temporary server 

10 private key. 



1 11. The method of claim 10 wherein the temporary server 

2 public key sent to the sender computer is different from the temporary server 

3 public key sent to the recipient computer. 

1 12. The method of claim 1 including ensuring that a 

2 recipient is at the recipient computer before sending the encrypted symmetric 

3 key to the sender computer. 

1 13. The method of claim 12 including ensuring that the 

2 recipient is authorized to receive the information. 

1 14. The method of claim 1 wherein the providing, receiving, 

2 encrypting, and sending are performed under control of a message server 

3 computer, and whereby the information transmitted between the sender 

4 computer and the recipient computer is not sent to the message server 

5 computer. 
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1 15, The method of claim 1 wherein the public and private 

2 keys are RSA based. 

1 16. The method of claim 1 wherein the symmetric key is 

2 DES based, IDEA based, or Triple-DES based. 

1 17. A method for coordinating the transmitting of 

2 information between a sender and a recipient, the method comprising: 

3 providing a sender asymmetric encryption mechanism for 

4 communications between the sender and a third party, and a recipient 

5 asymmetric encryption mechanism for communications between the recipient 

6 and the third party; and 

7 under control of the third party, 

8 encrypting a symmetric key using the sender 

9 asymmetric encryption mechanism and sending the encrypted symmetric key 

10 to the sender; and 

11 encrypting the symmetric key using the recipient 

12 asymmetric encryption mechanism and sending the encrypted symmetric key 

13 to the recipient 

14 whereby the sender can receive and decrypt the symmetric key 



15 using the sender asymmetric encryption mechanism, the recipient can receive 

16 and decrypt the symmetric key using a recipient asymmetric encryption 

17 mechanism, and the sender and recipient can transmit information that is 

18 encrypted using the symmetric key. 

1 18. The method of claim 17 including receiving from the 

2 sender a request to transmit information to the recipient. 
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1 19. The method of claim 18 wherein the request to transmit 

2 information to the recipient is encrypted using an asymmetric encryption 

3 mechanism. 

1 20. The method of claim 17 including before sending the 

2 encrypted symmetric key to the recipient, verifying that the recipient is 

3 available to receive the encrypted asymmetric key. 

1 21. The method of claim 17 wherein the provided sender 

2 asymmetric mechanism and the provided recipient asymmetric mechanism 

3 are used to encrypt multiple symmetric keys for transmitting information 

4 between the sender and the recipient. 

1 22. The method of claim 17 wherein a new symmetric key is 

2 used whenever a request is received to transmit information between the 

3 sender and the recipient. 

1 23. The method of claim 17 wherein the information 

2 transmitted from the sender to the recipient is not sent to the third party. 

1 24. The method of claim 17 wherein the asymmetric 

2 encryption mechanisms are RSA or Diffie-Hellman based. 

1 25. The method of claim 17 wherein the symmetric key is 

2 DES, IDEA, or Triple-DES based. 

1 26. A method in a computer system for coordinating the 

2 transmitting of information from a sender computer to a recipient computer, 
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3 the sender computer and the recipient computer being client computers, the 

4 method comprising: 

5 registering asymmetric encryption data for a plurality of client 

6 computers, the registered client computers including the sender computer and 

7 the recipient computer; 

8 encrypting symmetric encryption data using the registered 

9 asymmetric data for the sender computer and sending the encrypted 

10 symmetric encryption data to the sender computer; and 

11 encrypting the symmetric encryption data using the registered 

12 asymmetric encryption data for the recipient computer and sending the 

13 encrypted symmetric encryption data to the recipient computer. 



1 27. The method of claim 26 whereby the sender computer 

2 decrypts the sent symmetric encryption data using its asymmetric encryption 

3 data, encrypts the information using the decrypted symmetric encryption 

4 data, and sends the encrypted information to the recipient computer. 

1 28. The method of claim 26 wherein the recipient computer 

2 decrypts the sent symmetric encryption data using its asymmetric encryption 

3 data, receives the encrypted information, and decrypts the received encrypted 

4 information using the decrypted symmetric encryption data. 

1 29. The method of claim 26 wherein the registering includes 

2 receiving from the client computer the asymmetric encryption data for that 

3 client computer. 

j 30. The method of claim 26 wherein the registering includes 

2 receiving asymmetric encryption data that is itself encrypted. 
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1 31. The method of claim 26 including before sending the 

2 encrypted symmetric encryption data to the recipient computer, ensuring that 

3 the recipient computer is available to receive the encrypted symmetric 

4 encryption data. 

1 32. The method of claim 26 including before sending the 

2 encrypted symmetric encryption data to the sender computer, verifying that 

3 the recipient computer is available to receive encrypted information from the 

4 sender computer. 

l 33. The method of claim 26 including, when multiple 



2 instances of information are to be transmitted between the sender computer 

3 and the recipient computer, encrypting different symmetric encryption data 

4 for each instance with the same asymmetric encryption data of the sender 

5 computer and with the same asymmetric encryption data of the recipient 

6 computer. 



1 34. The method of claim 26 including ensuring that a person 

2 is at the recipient computer before sending the encrypted symmetric 

3 encryption data to the recipient computer. 

1 35. The method of claim 34 including ensuring that the 

2 person is authorized to receive the information. 

1 36. The method of claim 26 wherein the information is not 

2 sent to the computer system. 

1 37. The method of claim 26 wherein the asymmetric 

2 encryption data is RSA or Diffie-Hellman based. 
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1 38. The method of claim 26 wherein the symmetric 

2 encryption data is DES, IDEA, or Triple-DES based. 

1 39. A method in a sender computer for transmitting 

2 information to a recipient computer, the method comprising: 

3 establishing an asymmetric encryption mechanism with a 

4 server computer; 

5 sending to the server computer a request to send information to 

6 the recipient computer; 

7 receiving from the server computer a symmetric key encrypted 

8 using the asymmetric encryption mechanism; 

9 decrypting the symmetric key using the asymmetric encryption 

10 mechanism; 

11 encrypting information using the decrypted symmetric key; and 

12 sending to the recipient computer the encrypted information. 

1 40. The method of claim 39 wherein the receiving of the 

2 symmetric key from the server computer indicates that the recipient computer 

3 is available to receive transmitted information. 

1 41. The method of claim 40 wherein the receiving of the 

2 symmetric key from the server computer also indicates that a person is at the 

3 recipient computer. 

1 42. The method of claim 41 wherein the receiving of the 

2 symmetric key from the server computer also indicates that the person is 

3 authorized to receive the information. 
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1 43, The method of claim 39 wherein the establishing 

2 includes sending a public key of the sender computer to the server computer. 

1 44. The method of claim 39 including, for each request sent 

2 to the server computer, receiving from the server computer a different 

3 symmetric key encrypted with the same asymmetric encryption mechanism. 

1 45. The method of claim 39 wherein the asymmetric 

2 encryption mechanism is RSA or Diffie-Hellman based. 

1 46. The method of claim 39 wherein the symmetric key is 

2 DES, IDEA, or Triple-DES based. 

1 47. The method of claim 39 wherein the establishing and the 

2 sending of the request are temporally separated. 

1 48. The method of claim 39 wherein the establishing is 

2 independent of the sending of any request. 

1 49. A method in a recipient computer for receiving 

2 information from a sender computer, the method comprising: 

3 establishing an asymmetric encryption mechanism with a 

4 server computer; 

5 receiving from the server computer a symmetric key encrypted 

6 using the asymmetric encryption mechanism; 

7 decrypting the symmetric key using the asymmetric encryption 

8 mechanism; 

9 receiving from the sender computer information encrypted 

10 using the symmetric key; and 
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11 decrypting the received information using the decrypted 

12 symmetric key. 

1 50. The method of claim 49 wherein the establishing 

2 includes sending a public key of the recipient computer to the server 

3 computer. 

1 51, The method of claim 49 including receiving a different 

2 symmetric key encrypted with the asymmetric encryption mechanism for 

3 each request received by the server computer to transmit information to the 

4 recipient computer. 

1 52. The method of claim 49 including receiving from the 

2 server computer an indication of the sender computer that is to send the 

3 information encrypted with the received symmetric key. 

1 53. The method of claim 49 wherein the asymmetric 

2 encryption mechanism is RSA or Diffie Hellman based. 

1 54. The method of claim 49 wherein the symmetric key is 

2 DES, IDEA, or Triple-DES based. 

1 55. The method of claim 49 wherein the establishing and the 

2 receiving of the symmetric key are temporally separated. 

1 56. The method of claim 49 wherein the establishing is 

2 independent of the receiving of information from a sender computer. 

1 57. The method of claim 49 wherein the establishing is 

2 independent of the receiving of any symmetric key from the server computer. 
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1 58. A method in a computer system for coordinating 

2 transmitting of information from a sender computer to a recipient computer, 

3 the sender computer and recipient computer being client computers, the 

4 method comprising: 

5 registering asymmetric encryption data for a plurality of client 

6 computers, the registered client computers including the sender computer and 

7 the recipient computer; 

8 receiving from the sender computer symmetric encryption data 

9 that is encrypted by the sender computer using asymmetric encryption data of 

10 the recipient computer; and 

11 sending the received symmetric encryption data to the recipient 

12 computer so that the sender computer can then send information encrypted 

13 with the symmetric encryption data. 

1 59. The method of claim 58 whereby after sending the 

2 symmetric encryption data to the recipient computer, the sender computer 

3 encrypts the information using the symmetric encryption data and sends the 

4 encrypted information to the recipient computer. 

1 60. The method of claim 59 wherein the recipient computer 

2 decrypts the sent symmetric encryption data using its asymmetric encryption 

3 data, receives the encrypted information, and decrypts the received encrypted 

4 information using the decrypted symmetric encryption data. 

1 61. The method of claim 58 wherein the registering includes 

2 receiving from each client computer asymmetric encryption data for that 

3 client computer. 
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1 62. The method of claim 58 including before sending the 

2 encrypted symmetric encryption data to the recipient computer, ensuring that 

3 the recipient computer is available to receive the encrypted symmetric 

4 encryption data, 

1 63 . The method of claim 5 8 including ensuring that a person 

2 is at the recipient computer before sending the encrypted symmetric 

3 encryption data to the recipient computer. 

1 64. The method of claim 63 including ensuring that the 

2 person is authorized to receive the information. 

1 65. The method of claim 58 wherein the information is not 

2 sent to the computer system. 

1 66. The method of claim 58 wherein the asymmetric 

2 encryption data is RSA or Diffie-Hellman based. 

1 67. The method of claim 58 wherein the symmetric 

2 encryption data is DES, IDEA, or Triple-DES based. 

1 68. A method in a sender computer for transmitting 

2 information to a recipient computer, the method comprising: 

3 sending to a server computer a symmetric key that has been 

4 encrypted using an asymmetric key of the recipient computer; 

5 receiving from the server computer an indication that the 

6 recipient computer has received the symmetric key; and 

7 sending to the recipient computer the information encrypted 

8 using the symmetric key. 
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1 69. The method of claim 68 including before sending to the 

2 server computer the symmetric key, receiving from the server computer the 

3 asymmetric key of the recipient computer. 

1 70. The method of claim 69 including before receiving the 

2 asymmetric key sending to the server computer a request to transmit 

3 information to the recipient computer. 

1 71. The method of claim 68 wherein the symmetric key that 

2 is encrypted using an asymmetric key of the recipient computer is further 

3 encrypted using an asymmetric key of the server computer. 

1 72. The method of claim 68 including before sending the 

2 symmetric key to the server computer, registering with the server computer. 

1 73. The method of claim 68 wherein a different symmetric 

2 key is used for each transmission to the recipient computer. 

1 74. The method of claim 68 wherein the asymmetric key is 

2 RSA or Diffie-Hellman based. 

1 75. The method of claim 68 wherein the symmetric key is 

2 DES, IDEA, or Triple-DES based. 

1 76. A method in a recipient computer for receiving 

2 information from a sender computer, the method comprising: 

3 receiving from a server computer a symmetric key encrypted 

4 using an asymmetric key of the recipient computer; 

5 decrypting the symmetric key using an asymmetric key of the 

6 recipient computer; 
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7 notifying the server computer that the symmetric key has been 

8 received; and 

9 after notifying the server, 

10 receiving from the sender computer information 
n encrypted using the symmetric key; and 

12 decrypting the received information using the 

13 decrypted symmetric key. 

1 77. The method of claim 76 wherein the symmetric key is 

2 encrypted by the sender computer. 

1 78. The method of claim 76 including receiving a different 

2 symmetric key encrypted with the asymmetric key for each request received 

3 by the server computer to transmit information to the recipient computer. 

1 79. The method of claim 76 including receiving from the 

2 server computer an indication of the sender computer that is to send the 

3 information encrypted with the received symmetric key. 

1 80. The method of claim 76 wherein the asymmetric key is 

2 RSA or Diffie-Hellman based. 

1 81. The method of claim 76 wherein the symmetric key is 

2 DES, IDEA, or Triple-DES based. 

1 82. A computer-readable medium containing instructions for 

2 controlling a computer system to coordinate transmitting of information from 

3 a sender computer to a recipient computer, the sender computer and recipient 

4 computer being client computers, by a method comprising: 

5 receiving a public key for the recipient computer; 
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6 sending the received public key to the sender computer; 

7 receiving from the sender computer a symmetric key encrypted 

8 using the public key sent to the sender computer; and 

9 sending the received symmetric key to the recipient computer. 



1 83. The computer-readable medium of claim 82 wherein the 

2 sender computer encrypts the information using the symmetric key and sends 

3 the encrypted information to the recipient computer. 

1 84. The computer-readable medium of claim 83 wherein the 

2 recipient computer decrypts the sent symmetric key using its private key, 

3 receives the encrypted information, and decrypts the received encrypted 

4 information using the decrypted symmetric key. 

1 85. The computer-readable medium of claim 82 including 

2 includes receiving from each client computer a public key for that client 

3 computer. 

1 86. The computer-readable medium of claim 82 including 

2 before sending the encrypted symmetric key to the recipient computer, 

3 ensuring that the recipient computer is available to receive the encrypted 

4 symmetric key. 



1 87. The computer-readable medium of claim 82 including 

2 ensuring that a person is at the recipient computer before sending the 

3 encrypted symmetric key to the recipient computer. 

1 88. The computer-readable medium of claim 87 including 

2 ensuring that the person is authorized to receive the information. 
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1 89. The computer-readable medium of claim 82 wherein the 

2 information is not sent to the computer system. 

1 90. The computer-readable medium of claim 82 wherein the 

2 public key is RSA or Diffie-Hellman based. 

1 91 . The computer-readable medium of claim 82 wherein the 

2 symmetric key is DES, IDEA, or Triple-DES based. 

1 92. A computer-readable medium containing instructions for 

2 controlling a sender computer to transmit information to a recipient 

3 computer, by a method comprising: 

4 sending to a server computer a symmetric key that has been 

5 encrypted using a public key of the recipient computer; 

6 receiving from the server computer an indication that the 

7 recipient computer has received the symmetric key; and 

8 sending to the recipient computer the information encrypted 

9 using the symmetric key. 

1 93. The computer-readable medium of claim 92 including 

2 before sending to the server computer the symmetric key, receiving from the 

3 server computer the public key of the recipient computer. 

1 94. The computer-readable medium of claim 93 including 

2 before receiving the public key sending to the server computer a request to 

3 transmit information to the recipient computer. 

1 95. The computer-readable medium of claim 92 wherein the 

2 symmetric key that is encrypted using the public key of the recipient 

3 computer is further encrypted using a public key of the server computer. 
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1 96. The computer-readable medium of claim 92 including 

2 before sending the symmetric key to the server computer, registering with the 

3 server computer. 

1 97. The computer-readable medium of claim 92 wherein a 

2 different symmetric key is used for each transmission to the recipient 

3 computer. 

1 98. The computer-readable medium of claim 92 wherein the 

2 public key is RSA or Diffie-Hellman based. 

1 99. The computer-readable medium of claim 92 wherein the 

2 symmetric key is DES, IDEA, or Triple-DES based. 

1 100. A computer-readable medium containing instructions for 

2 controlling a recipient computer to receive information from a sender 

3 computer, by a method comprising; 

4 receiving from a server computer a symmetric key encrypted 

5 using an public key of the recipient computer; 

6 decrypting the symmetric key using a private key of the 

7 recipient computer; 

8 receiving from the sender computer information encrypted 

9 using the symmetric key; and 

10 decrypting the received information using the decrypted 
n symmetric key. 

1 101. The computer-readable medium of claim 100 wherein 

2 the symmetric key is encrypted by the sender computer. 
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1 102. The computer-readable medium of claim 100 including 

2 receiving a different symmetric key encrypted with the public key for each 

3 transmission by the server computer to the recipient computer. 

1 103. The computer-readable medium of claim 100 including 

2 receiving from the server computer an indication of the sender computer that 

3 is to send the information encrypted with the received symmetric key. 

1 104. The computer-readable medium of claim 100 wherein 

2 the public key is RSA or Diffie Hellman based. 

1 105. The computer-readable medium of claim 100 wherein 

2 the symmetric key is DES, IDEA, or Triple-DES based. 

1 106. A server computer for coordinating transmission of 

2 information from a sender computer to a recipient computer, comprising: 

3 means for receiving a public key for the recipient computer; 

4 means for sending the received public key to the sender 

5 computer; 

6 means for receiving from the sender computer a symmetric key 

7 using the public key sent to the sender computer; and 

8 means for sending the received symmetric key to the recipient 

9 computer. 

1 107. The server computer of claim 106 including means for 

2 registering client computers. 
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1 108. The server computer of claim 107 wherein the means for 

2 registering computer uses temporary asymmetric keys to transmit permanent 

3 asymmetric keys. 

4 109. A server computer for registering public keys, 

5 comprising: 

6 means for generating a temporary server public and private key 

7 pair; 

8 means for sending the temporary server public key to a client 

9 computer; 

10 means for receiving from the client computer a client public 
n key encrypted with the temporary server public key; and 

12 means for decrypting the received client public key using the 

13 temporary server private key. 

l 1 10. A computer system for coordinating secure transmission 

i of information between client computers, comprising; 

3 a component for establishing a different asymmetric encryption 

4 mechanism for communication between the computer system and each client 

5 computer; and 

6 a component that receives a request to transmit information 

7 between requested client computers; 

8 a component that, for each requested client computer, encrypts 

9 a symmetric key with the asymmetric encryption mechanism of that client 

10 computer and sends the encrypted symmetric key to that client computer. 
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